Remote buffer overflow vulnerability in noip2 2.1.7
Bug #300609 reported by
Joril
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| no-ip (Debian) |
Fix Released
|
Unknown
|
|||
| no-ip (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: noip2
> No-IP Dynamic Update Client (DUC) is prone to a stack-based buffer-overflow vulnerability because it fails to adequately
> bounds-check input messages.
> An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious server. Successful attacks will
> allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service
> condition.
> DUC 2.1.7 for Linux is vulnerable; other versions may also be affected.
Source: http://
No-ip.com published version 2.1.8 at http://
Thanks!
| Changed in no-ip: | |
| status: | New → Confirmed |
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #1 |
Revision history for this message
| Joril (jorilx) wrote | #2 |
Revision history for this message
| Jason Ribeiro (jrib) wrote | #3 |
| Changed in no-ip (Ubuntu): | |
| status: | Confirmed → Fix Released |
| Changed in no-ip (Debian): | |
| status: | Unknown → Fix Released |
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/